External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-13 04:17:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

update encryption migration checks and tests

Browse Source
This commit is contained in:
Wayne Witzel III
2017-06-15 12:04:54 -04:00
parent 9014e8c612
commit f9b412419c
4 changed files with 55 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
awx/main/tests/functional/test_reencrypt_migration.py
View File

@@ -1,3 +1,7 @@
# -*- coding: utf-8 -*-
# Copyright (c) 2017 Ansible, Inc.
# All Rights Reserved.
import json
import pytest
import mock
@@ -23,6 +27,7 @@ from awx.main.utils import decrypt_field
@pytest.mark.django_db
def test_notification_template_migration():
# Doesn't get tagged as UTF8 because the the internal save call explicitly sets skip_utf8=True
with mock.patch('awx.main.models.notifications.encrypt_field', encrypt_field):
nt = NotificationTemplate.objects.create(notification_type='slack', notification_configuration=dict(token='test'))
@@ -42,20 +47,24 @@ def test_notification_template_migration():
@pytest.mark.django_db
def test_credential_migration():
@pytest.mark.parametrize("old_enc, new_enc, value", [
('$encrypted$UTF8$AES', '$encrypted$UTF8$AESCBC$', u'Iñtërnâtiônàlizætiøn'),
('$encrypted$AES$', '$encrypted$AESCBC$', 'test'),
])
def test_credential_migration(old_enc, new_enc, value):
with mock.patch('awx.main.models.credential.encrypt_field', encrypt_field):
cred_type = ssh()
cred_type.save()
cred = Credential.objects.create(credential_type=cred_type, inputs=dict(password='test'))
cred = Credential.objects.create(credential_type=cred_type, inputs=dict(password=value))
assert cred.password.startswith('$encrypted$AES$')
assert cred.password.startswith(old_enc)
_credentials(apps)
cred.refresh_from_db()
assert cred.password.startswith('$encrypted$AESCBC$')
assert decrypt_field(cred, 'password') == 'test'
assert cred.password.startswith(new_enc)
assert decrypt_field(cred, 'password') == value
# This is here for a side-effect.
# Exception if the encryption type of AESCBC is not properly skipped, ensures
@@ -64,17 +73,21 @@ def test_credential_migration():
@pytest.mark.django_db
def test_unified_job_migration():
@pytest.mark.parametrize("old_enc, new_enc, value", [
('$encrypted$AES$', '$encrypted$AESCBC$', u'Iñtërnâtiônàlizætiøn'),
('$encrypted$AES$', '$encrypted$AESCBC$', 'test'),
])
def test_unified_job_migration(old_enc, new_enc, value):
with mock.patch('awx.main.models.base.encrypt_field', encrypt_field):
uj = UnifiedJob.objects.create(launch_type='manual', start_args=json.dumps({'test':'value'}))
uj = UnifiedJob.objects.create(launch_type='manual', start_args=json.dumps({'test':value}))
assert uj.start_args.startswith('$encrypted$AES$')
assert uj.start_args.startswith(old_enc)
_unified_jobs(apps)
uj.refresh_from_db()
assert uj.start_args.startswith('$encrypted$AESCBC$')
assert json.loads(decrypt_field(uj, 'start_args')) == {'test':'value'}
assert uj.start_args.startswith(new_enc)
assert json.loads(decrypt_field(uj, 'start_args')) == {'test':value}
# This is here for a side-effect.
# Exception if the encryption type of AESCBC is not properly skipped, ensures